No, this code is not vulnerable to SQL injections.
Both the `intval` conversion and prepared statement with `PDO::PARAM_INT` binding ensure that only integer values are used in the comparison of the statement that is being executed.
Anyways, the mentioned requests don’t seem to aim for identifying SQL injections only but several different vulnerabilities, e.g., Path Traversal (CWE-22) and Local File Inclusion (CWE-98) as well. So you may want to watch out for those vulnerabilities as well.
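The pattern described above, as an added example that is not code from the original question or answer: an `intval` conversion followed by a prepared statement with a `PDO::PARAM_INT` binding, run over constructed scanner-style inputs. The in-memory SQLite database, the `articles` table and the `findArticle` helper are hypothetical names chosen for the illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database; table and column names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO articles (id, title) VALUES (1, 'first'), (2, 'second')");

/**
 * Look up one row by id (hypothetical helper). The raw request value is
 * reduced to an integer first, then bound as PDO::PARAM_INT, so it is
 * passed as data and never becomes part of the SQL text.
 */
function findArticle(PDO $pdo, string $rawId): ?array
{
    // intval() keeps only a leading integer; anything else becomes 0.
    $id = intval($rawId);

    $stmt = $pdo->prepare('SELECT id, title FROM articles WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed request values of the kind automated scanners send.
$samples = ['2', '1 OR 1=1', "1'; DROP TABLE articles; --", '../../etc/passwd', ''];

foreach ($samples as $raw) {
    $row = findArticle($pdo, $raw);
    printf(
        "%-34s => id %d => %s\n",
        var_export($raw, true),
        intval($raw),
        $row === null ? 'no row' : $row['title']
    );
}

// The row count is unchanged: no input altered the executed statement.
echo 'rows: ', $pdo->query('SELECT COUNT(*) FROM articles')->fetchColumn(), "\n";
```

Every sample ends up as a plain integer in the `WHERE id = :id` comparison; the path-style value is harmless here only because this code path never uses the parameter as a file name.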